4.6. Managing virtual routers¶
Virtual routers provide L3 services such as routing and Source Network Address Translation (SNAT) between virtual and physical networks, or different virtual networks:
- A virtual router between virtual and physical networks provides access to public networks, such as the Internet, for VMs connected to this virtual network.
- A virtual router between different virtual networks provides network communication for VMs connected to these virtual networks.
A virtual router has two types of ports:
- An external gateway that is connected to a physical network.
- An internal port that is connected to a virtual network.
Note
A router can only connect networks that have IP management enabled.
To create a virtual router, do the following:
On the Compute > Networks > Networks tab, make sure the compute networks that are to be connected to a router have a gateway specified.
Navigate to the Compute > Routers tab, and then click Add router.
In the Add router window:
- Specify a router name.
- From the Network drop-down menu, select a physical network through which external access will be provided via an external gateway. The new external gateway will pick an unused IP address from the selected physical network.
- In the Add internal interfaces section, select one or more virtual networks to connect to a router via internal interfaces. The new internal interfaces will attempt to use the gateway IP address of the selected virtual networks by default.
- (Optional) Select or deselect the SNAT check box to enable or disable SNAT on the external gateway of the router. With SNAT enabled, the router replaces VM private IP addresses with the public IP address of its external gateway.
Click Create.
To edit a router name, click the ellipsis icon next to it, and then click Rename.
To remove a virtual router, click the ellipsis icon next to it, and then click Delete. To remove multiple virtual routers at once, select them, and then click Delete. Before deleting a virtual router, make sure no floating IP addresses are associated with any network it is connected to.
4.6.1. Managing router interfaces¶
To add an external router interface, do the following:
If you already have an external gateway, remove the existing one first.
On the Routers screen, click the router name to open the list of its interfaces.
Click Add on the toolbar, or click Add interface if there are no interfaces to show.
In the Add interface window, do the following:
- Select External gateway.
- From the Network drop-down menu, select a physical network to connect to the router. The new interface will pick an unused IP address from the selected physical network. You can also provide a specific IP address from the selected physical network to assign to the interface in the IP address field.
- (Optional) Select or deselect the SNAT check box to enable or disable SNAT on the external gateway of the router. With SNAT enabled, the router replaces VM private IP addresses with the public IP address of its external gateway.
Click Add.
To edit the external gateway parameters, click the ellipsis icon next to it, and then Edit. In the Edit interface window, you can change the external gateway IP address and enable or disable SNAT on it. To save your changes, click Save.
To add an internal router interface, do the following:
On the Routers screen, click the router name to open the list of its interfaces.
Click Add.
In the Add interface window, select a network to connect to the router from the Network drop-down menu. The new interface will attempt to use the gateway IP address of the selected virtual network by default. If it is in use, specify an unused IP address from the selected virtual network to assign to the interface in the IP address field.
Click Add.
To remove a router interface, click the ellipsis icon next to it, and then click Delete. To remove multiple interfaces at once, select them, and then click Delete.
4.6.2. Managing static routes¶
You can also configure static routes of a router by manually adding entries into its routing table. This can be useful, for example, if you do not need a mutual connection between two virtual networks and want only one virtual network to be accessible from the other.
Consider the following example:
- The virtual machine
VM1is connected to the virtual networkprivate1(192.168.128.0/24) via the network interface with IP address192.168.128.10. - The virtual machine
VM2is connected to the virtual networkprivate2(192.168.30.0/24) via the network interface with IP address192.168.30.10. - The router
router1connects the networkprivate1to the physical network via the external gateway with the IP address10.94.129.73. - The router
router2connects the networkprivate2to the physical network via the external gateway with the IP address10.94.129.74.
To be able to access VM2 from VM1, you need to add a static route for router1, specifying the CIDR of private2, that is 192.168.30.0/24, as the destination subnet and the external gateway IP address of router2, that is 10.94.129.74, as the next hop IP address. In this case, when an IP packet for 192.168.30.10 reaches router1, it will be forwarded to router2 and then to VM2.
To create a static route for a router, do the following:
On the Routers screen, click the router name. Open the Static routes tab, and then click Add on the right pane. If there are no routes to show, click Add static route.
In the Add static route window, specify the destination subnet range and mask in CIDR notation and the next hop’s IP address. The next hop’s IP address must belong to one of the networks that the router is connected to.
Click Add.
To edit a static route, click the ellipsis icon next to it, and then click Edit. In the Edit static route window, change the desired parameters, and then click Save.
To remove a static route, click the ellipsis icon next to it, and then click Delete. To remove multiple routes at once, select them, and then click Delete.